Cyber Operations Lead- Cloud/IaaS
Leidos · Hill Air Force Base, Utah, United States · 1 mo ago
On-siteInformation Technology$87k–$157k/yrFull-time
Primary Responsibilities
- Maintain a team of approximately 6-8 cybersecurity analysts, guiding them in monitoring, analyzing, and correlating real-time DoD and open-source intelligence feeds to identify Indicators of Compromise (IOCs).
- Integrate threat intelligence into security sensors and SIEMs to proactively counter emerging threats.
- Triage and investigate security alerts across various customer networks, including those from endpoints, IDS/IPS, NetFlow, VPC Flows, raw packet data, and cloud-native or custom monitoring sensors.
- Analyze extensive log files across diverse datasets within multi-cloud environments (AWS, GCP, Oracle) to identify, prioritize, and investigate potential compromises.
- Coordinate and collaborate closely with incident response teams to rapidly contain and eradicate threats across hybrid and cloud-hosted environments.
- Author detailed technical investigation reports outlining incident findings and report critical security events to customers and USCYBERCOM.
- Escalate critical security events to ensure a timely and coordinated national defense response.
- Lead and support assigned personnel by conducting regular employee engagement activities, collaborating with People Leaders and senior management to support employee training, performance management, and reviews, and maintaining consistent and effective communication with the chain of command, customers, civilian personnel, and employees.
- Collaborate with senior leadership to ensure long-term mission effectiveness and resolve any operational roadblocks.
- Ensure the consistent implementation and adherence to leadership directives and organizational policies in collaboration with People Leaders.
Basic Qualifications
- Minimum active DoD TS clearance.
- Current DoD 8570 IAT Level II certification (or higher), such as CompTIA Security+ CE, ISC2 SSCP, or SANS GSEC (or equivalent).
- Ability to obtain DoD 8570 CSSP-A Level Certification (e.g., CEH, CySA+, GCIA, or equivalent) within 180 days of hire.
- Strong foundation in networking, including packet analysis, common ports and protocols, and traffic flow.
- Knowledge of the OSI model, defense-in-depth security principles, and common security elements for effective threat detection, analysis, and mitigation as a SOC Security Analyst.
- Bachelor's degree and 4+ years of relevant experience; equivalent work experience and/or military service may be considered in lieu of a degree.
- Prior experience working with the Defense Information Systems Agency (DISA) and/or Department of Defense (DoD) networks.
- Advanced knowledge of TCP/IP, common networking ports and protocols, traffic flow analysis, system administration principles, the OSI model, defense-in-depth strategies, and standard security components.
- In-depth expertise in the architecture, engineering, and operational aspects of at least one enterprise-grade SIEM platform (e.g., ArcSight, QRadar, LogLogic, Splunk, Elastic).
- Demonstrated experience with malware analysis concepts and methodologies.
- Advanced certifications such as SANS GIAC (e.g., GCIA, GCIH, GLSC) or CompTIA CASP+.
- Experience implementing intelligence-driven defense strategies and/or utilizing the Cyber Kill Chain framework.
- A minimum of two (2) years of experience managing cross-functional cybersecurity teams.
Preferred Qualifications
- Prior experience working with DISA and/or DoD networks.
- Advanced knowledge of TCP/IP, common networking ports and protocols, traffic flow analysis, system administration principles, the OSI model, defense-in-depth strategies, and standard security components.
- In-depth expertise in the architecture, engineering, and operational aspects of at least one enterprise-grade SIEM platform (e.g., ArcSight, QRadar, LogLogic, Splunk, Elastic).
- Demonstrated experience with malware analysis concepts and methodologies.
- Advanced certifications such as SANS GIAC (e.g., GCIA, GCIH, GLSC) or CompTIA CASP+.
- Experience implementing intelligence-driven defense strategies and/or utilizing the Cyber Kill Chain framework.
- A minimum of two (2) years of experience managing cross-functional cybersecurity teams.
About the Role
The GSM-O II TN22 team has an opportunity for a current team member to move into a leadership position supporting cyber operations. The Operations Leader provides daily leadership, direction, and guidance to a team responsible for delivering 24x7 cybersecurity monitoring services for Department of Defense networks.
Pay and Benefits
Pay Range $87,100.00 - $157,450.00. Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement.